Enable global_csrf_token Feature flag

What

Remove the :global_csrf_token feature flag ...

  1. Deploy this patch with :global_csrf_token FF disabled. (Done with !33454 (merged))
  2. Once all Rails servers are on 6.0.3.1, enable :global_csrf_token FF.
  3. On GitLab 13.2, remove this patch

Owners

  • Team: Configure
  • Most appropriate slack channel to reach out to: #development
  • Best individual to reach out to: @tkuah

Expectations

What are we expecting to happen?

POST requests continue to work after the feature flag is enabled for both:

  • CSRF tokens generated before the feature flag is enabled
  • CSRF tokens generated after the feature flag is enabled

What might happen if this goes wrong?

Non-GET request start failing much like gitlab-com/gl-infra/production#2203 (closed)

What can we monitor to detect problems with this?

Is there a dashboard to monitor for 401 responses ? Potentially Requests by Status Class

Also using Kibana: https://log.gprd.gitlab.net/goto/217a036be8ac8db3f466364438c3b5ec

Beta groups/projects

If applicable, any groups/projects that are happy to have this feature turned on early. Some organizations may wish to test big changes they are interested in with a small subset of users ahead of time for example.

N/A

Roll Out Steps

  • Enable on staging
  • Test on staging
  • Ensure that documentation has been updated => !34116 (merged)
  • [-] Enable on GitLab.com for individual groups/projects listed above and verify behaviour
  • Coordinate a time to enable the flag with #production and #g_delivery on slack.
  • Announce on the issue an estimated time this will be enabled on GitLab.com
  • Enable on GitLab.com by running chatops command in #production
  • Cross post chatops slack command to #support_gitlab-com (more guidance when this is necessary in the dev docs) and in your team channel
  • Announce on the issue that the flag has been enabled
  • Remove feature flag and add changelog entry
  • After the flag removal is deployed, clean up the feature flag by running chatops command in #production channel
Edited by Thong Kuah